Video Screencast Help

Issue with some custodian entries in Discovery Accelerator

Created: 20 Jul 2012 • Updated: 08 Oct 2012 | 5 comments
This issue has been solved. See solution.

Everytime the Custodian Manager synchronizes the AD account and group information it generates some Errors (Event ID's 26 & 35).

Event Type: Error
Event Source: Accelerator AD Synchronizer
Event Category: None
Event ID: 26
Date:  7/20/2012
Time:  6:19:31 AM
User:  N/A
Computer: SRP01884WN
Description:
APP AT - Customer ID: 4 - an error occured when updating the Profiles. System.Data.SqlClient.SqlException: Cannot insert duplicate key row in object 'dbo.tblAddressUser' with unique index 'IX_tblAddressUser_EmployeeID'. The duplicate key value is (<account>).
   at System.Data.Common.DbDataAdapter.UpdatedRowStatusErrors(RowUpdatedEventArgs rowUpdatedEvent, BatchCommandInfo[] batchCommands, Int32 commandCount)
   at System.Data.Common.DbDataAdapter.UpdatedRowStatus(RowUpdatedEventArgs rowUpdatedEvent, BatchCommandInfo[] batchCommands, Int32 commandCount)
   at System.Data.Common.DbDataAdapter.Update(DataRow[] dataRows, DataTableMapping tableMapping)
   at System.Data.Common.DbDataAdapter.UpdateFromDataTable(DataTable dataTable, DataTableMapping tableMapping)
   at System.Data.Common.DbDataAdapter.Update(DataTable dataTable)
   at KVS.Accelerator.ActiveDirectory.Profile.UpdateDS(SyncProfileDS ds)
 

Event Type: Error
Event Source: Accelerator AD Synchronizer
Event Category: None
Event ID: 35
Date:  7/20/2012
Time:  6:19:31 AM
User:  N/A
Computer: SRP01884WN
Description:
APP AT - Customer ID: 4 - An error occured while synchronising employee details for '<account>'. System.Data.SqlClient.SqlException: Cannot insert duplicate key row in object 'dbo.tblAddressUser' with unique index 'IX_tblAddressUser_EmployeeID'. The duplicate key value is (<account>).
   at KVS.Accelerator.ActiveDirectory.Profile.UpdateDS(SyncProfileDS ds)
   at KVS.Accelerator.Server.CentralProfileSynchroniser.SynchroniseEmployeeProfile(SyncProfileDS profileDS)
 

These accounts have been disabled once and were moved into a different OU as a disabled account. In the meantime the same user is back and got the same account. I don't know yet if the account got recreated or not.

In the Custodian Manager website the old account is still visible but has no check marks under the columns Synchronize and Active anymore. Usually if this happens in the organization I get an exclamation mark in the column Synchronize and the new account is visible as well.

If I open the old custodian entry all information is grey and cannot be changed. But I see a button at the bottom of the page called Reactivate. So I'm interested if this button will help me. But I couldn't find any information in all kind of manuals as well as in the knowledgebase. Any diea if this will help to solve the issue? What will happen if I press the "Reactivate" button? Or does somebody know how I can import the information from the new AD account that didn't get imported?
 

This issue is only in the PROD environment. We also have a test environment where we do not have such issues.

Comments 5 CommentsJump to latest comment

TonySterling's picture

Hey Dani,

What version of DA?  There was an issue in an older version where if the EmployeeID was blank it would cause the issue you are seeing.  I wander if the EmployeeID of the old account and new account are the same, therefore you get the error??

SOLUTION
Dani Schwarz's picture

Hi Tony

I currently run the DA version 9.0.2. What issue do you know about? Is there a documentation available somwhere?

What is the "Reactivate button for?

 

Regards Dani

Dani Schwarz's picture

I detected something else.

If a user account got deleted in Active Directory in the past and was recreated later Custodian Manager changes the Employee ID information to a value defined by the Custodian Manager. This didn't happen yet in the PROD environment where the issue is present.

For me the question is what causes the event ID's I get during an AD synchronization process. Is it an issue that I'm not able to read all information on the corresponding user object or is it an issue that cannot be performed in SQL.

For the AD sychronization I use a sepcial account that can read all information in the Active Directory forest. IN SQL I have sysadmin rights for the DA service account on the DA databases. For me it doesn't look like a permission issue...

Dani Schwarz's picture

In the meantime I ran a dtrace and got the following additional information around such affected user objects...

230392 11:47:40.242  [1320] (ADSynchroniser) <3356> EV-H {-} {AcceleratorEvent} {C4} WARNING EVENT: ID=27, Message=APP AT - Customer ID: 4 - Could not find <user account> [8381], the user may have been deleted. System.Runtime.InteropServices.COMException (0x80072116): Name translation: Could not find the name or insufficient right to see name. (Exception from HRESULT: 0x80072116)|   at ActiveDs.NameTranslateClass.Set(Int32 lnSetType, String bstrADsPath)|   at KVS.Accelerator.Common.ADConnection.GetEntry(String principalLogin, String guid, String& modifiedLogin)|   at KVS.Accelerator.ActiveDirectory.ADProfileSynchroniser.SynchroniseADEmployeeProfile(ProfileRow profileRow, StringCollection& allEmailAddresses, StringCollection& allDisplayNameAddresses, PropertyCollection& ADUserProps, String& ADSyncError), Description=(N/A)

230397 11:47:40.273  [1320] (ADSynchroniser) <3356> EV-H {-} {CentralProfileSynchroniser} {C4} Central_Sync: AD Synchronised '<display name>' with warnings: Could not find <user account> [8381], the user may have been deleted. Name translation: Could not find the name or insufficient right to see name. (Exception from HRESULT: 0x80072116)

TonySterling's picture

This could have to do with the account in CM being deactivated.  Honestly, you might want to open a case with support in case this is a defect that has popped back up.